1 | <?xml version="1.0" encoding="UTF-8"?>
|
---|
2 | <!--
|
---|
3 | Licensed to the Apache Software Foundation (ASF) under one or more
|
---|
4 | contributor license agreements. See the NOTICE file distributed with
|
---|
5 | this work for additional information regarding copyright ownership.
|
---|
6 | The ASF licenses this file to You under the Apache License, Version 2.0
|
---|
7 | (the "License"); you may not use this file except in compliance with
|
---|
8 | the License. You may obtain a copy of the License at
|
---|
9 |
|
---|
10 | http://www.apache.org/licenses/LICENSE-2.0
|
---|
11 |
|
---|
12 | Unless required by applicable law or agreed to in writing, software
|
---|
13 | distributed under the License is distributed on an "AS IS" BASIS,
|
---|
14 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
---|
15 | See the License for the specific language governing permissions and
|
---|
16 | limitations under the License.
|
---|
17 | -->
|
---|
18 | <!-- GSDL: Notes
|
---|
19 | To turn a new default 'tomcatN.x.yy/conf/server.xml' into a server_tomcatN.xml.svn
|
---|
20 | Perform the following substitutions:
|
---|
21 | 8080 => @localhost.port.http@
|
---|
22 | 8443 => @https.redirect.port@
|
---|
23 | 8005 => @shutdown-port@
|
---|
24 | 8009 => @tomcat.ajp.port@
|
---|
25 |
|
---|
26 | Then:
|
---|
27 | diff tomcatN.x.yy/conf/server.xml server_tomcatN.xml.svn
|
---|
28 |
|
---|
29 | This will highlight were additional changes are needed.
|
---|
30 | For instance add in:
|
---|
31 | @http.address.restriction@
|
---|
32 | URIEncoding ="UTF-8"
|
---|
33 |
|
---|
34 | -->
|
---|
35 |
|
---|
36 | <!-- Note: A "Server" is not itself a "Container", so you may not
|
---|
37 | define subcomponents such as "Valves" at this level.
|
---|
38 | Documentation at /docs/config/server.html
|
---|
39 | -->
|
---|
40 | <Server port="@shutdown-port@" shutdown="SHUTDOWN">
|
---|
41 | <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
|
---|
42 | <!-- Security listener. Documentation at /docs/config/listeners.html
|
---|
43 | <Listener className="org.apache.catalina.security.SecurityListener" />
|
---|
44 | -->
|
---|
45 | <!-- APR library loader. Documentation at /docs/apr.html -->
|
---|
46 | <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
|
---|
47 | <!-- Prevent memory leaks due to use of particular java/javax APIs-->
|
---|
48 | <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
|
---|
49 | <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
|
---|
50 | <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
|
---|
51 |
|
---|
52 | <!-- Global JNDI resources
|
---|
53 | Documentation at /docs/jndi-resources-howto.html
|
---|
54 | -->
|
---|
55 | <GlobalNamingResources>
|
---|
56 | <!-- Editable user database that can also be used by
|
---|
57 | UserDatabaseRealm to authenticate users
|
---|
58 | -->
|
---|
59 | <Resource name="UserDatabase" auth="Container"
|
---|
60 | type="org.apache.catalina.UserDatabase"
|
---|
61 | description="User database that can be updated and saved"
|
---|
62 | factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
|
---|
63 | pathname="conf/tomcat-users.xml" />
|
---|
64 | </GlobalNamingResources>
|
---|
65 |
|
---|
66 | <!-- A "Service" is a collection of one or more "Connectors" that share
|
---|
67 | a single "Container" Note: A "Service" is not itself a "Container",
|
---|
68 | so you may not define subcomponents such as "Valves" at this level.
|
---|
69 | Documentation at /docs/config/service.html
|
---|
70 | -->
|
---|
71 | <Service name="Catalina">
|
---|
72 |
|
---|
73 | <!--The connectors can use a shared executor, you can define one or more named thread pools-->
|
---|
74 | <!--
|
---|
75 | <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
|
---|
76 | maxThreads="150" minSpareThreads="4"/>
|
---|
77 | -->
|
---|
78 |
|
---|
79 |
|
---|
80 | <!-- A "Connector" represents an endpoint by which requests are received
|
---|
81 | and responses are returned. Documentation at :
|
---|
82 | Java HTTP Connector: /docs/config/http.html
|
---|
83 | Java AJP Connector: /docs/config/ajp.html
|
---|
84 | APR (HTTP/AJP) Connector: /docs/apr.html
|
---|
85 | Define a non-SSL/TLS HTTP/1.1 Connector on port @localhost.port.http@
|
---|
86 | -->
|
---|
87 | <!-- GSDL: We comment out the 'standard' connector in favour of the tomcatThreadPool one below -->
|
---|
88 | <!-- GSDL: URIEncoding of UTF-8 param also added, and @http.address.restriction@ -->
|
---|
89 | <!--
|
---|
90 |
|
---|
91 | <Connector @http.address.restriction@
|
---|
92 | port="@localhost.port.http@" protocol="HTTP/1.1"
|
---|
93 | connectionTimeout="20000"
|
---|
94 | redirectPort="@https.redirect.port@"
|
---|
95 | maxParameterCount="1000"
|
---|
96 | URIEncoding="UTF-8"
|
---|
97 | />
|
---|
98 | -->
|
---|
99 | <!-- A "Connector" using the shared thread pool-->
|
---|
100 | <!-- GSDL: We use this Connector by default. Add @http.address.restriction@
|
---|
101 | Additional params added after redirectPort -->
|
---|
102 | <Connector executor="tomcatThreadPool" @http.address.restriction@
|
---|
103 | port="@localhost.port.http@" protocol="HTTP/1.1"
|
---|
104 | connectionTimeout="20000"
|
---|
105 | redirectPort="@https.redirect.port@"
|
---|
106 | maxParameterCount="1000"
|
---|
107 | compression="on"
|
---|
108 | compressionMinSize="524288"
|
---|
109 | compressableMimeType="text/html,text/xml,text/css,text/xsl,text/javascript"
|
---|
110 | noCompressionUserAgents="gozilla, traviata"
|
---|
111 | URIEncoding="UTF-8"
|
---|
112 | />
|
---|
113 |
|
---|
114 | <!-- Define an SSL/TLS HTTP/1.1 Connector on port @https.redirect.port@
|
---|
115 | This connector uses the NIO implementation. The default
|
---|
116 | SSLImplementation will depend on the presence of the APR/native
|
---|
117 | library and the useOpenSSL attribute of the AprLifecycleListener.
|
---|
118 | Either JSSE or OpenSSL style configuration may be used regardless of
|
---|
119 | the SSLImplementation selected. JSSE style configuration is used below.
|
---|
120 | -->
|
---|
121 | <!-- GSDL: URIEncoding param added, but note the connector elem itself is commented out by default -->
|
---|
122 | <!--
|
---|
123 | <!--
|
---|
124 | <Connector port="@https.redirect.port@" protocol="org.apache.coyote.http11.Http11NioProtocol"
|
---|
125 | maxThreads="150" SSLEnabled="true"
|
---|
126 | maxParameterCount="1000"
|
---|
127 | URIEncoding="UTF-8"
|
---|
128 | >
|
---|
129 | <SSLHostConfig>
|
---|
130 | <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
|
---|
131 | type="RSA" />
|
---|
132 | </SSLHostConfig>
|
---|
133 | </Connector>
|
---|
134 | -->
|
---|
135 | <!-- Define an SSL/TLS HTTP/1.1 Connector on port @https.redirect.port@ with HTTP/2
|
---|
136 | This connector uses the APR/native implementation which always uses
|
---|
137 | OpenSSL for TLS.
|
---|
138 | Either JSSE or OpenSSL style configuration may be used. OpenSSL style
|
---|
139 | configuration is used below.
|
---|
140 | -->
|
---|
141 | <!-- GSDL: URIEncoding param added, but note the connector elem itself is commented out by default -->
|
---|
142 | <!--
|
---|
143 | <Connector port="@https.redirect.port@" protocol="org.apache.coyote.http11.Http11AprProtocol"
|
---|
144 | maxThreads="150" SSLEnabled="true"
|
---|
145 | maxParameterCount="1000"
|
---|
146 | URIEncoding="UTF-8"
|
---|
147 | >
|
---|
148 | <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
|
---|
149 | <SSLHostConfig>
|
---|
150 | <Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
|
---|
151 | certificateFile="conf/localhost-rsa-cert.pem"
|
---|
152 | certificateChainFile="conf/localhost-rsa-chain.pem"
|
---|
153 | type="RSA" />
|
---|
154 | </SSLHostConfig>
|
---|
155 | </Connector>
|
---|
156 | -->
|
---|
157 | <!-- GSDL: Connector element aligned with Greenstone documentation for for https access, if activated -->
|
---|
158 | @https.comment.out.start@
|
---|
159 | <Connector port="@tomcat.port.https@" protocol="org.apache.coyote.http11.Http11Protocol"
|
---|
160 | maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
|
---|
161 | keystoreFile="@keystore.file@"
|
---|
162 | keystorePass="@keystore.pass@"
|
---|
163 | clientAuth="false" sslProtocol="TLS"
|
---|
164 | keystoreType="@keystore.type@"
|
---|
165 | maxParameterCount="1000"
|
---|
166 | URIEncoding="UTF-8" />
|
---|
167 | @https.comment.out.end@
|
---|
168 |
|
---|
169 | <!-- Define an AJP 1.3 Connector on port @tomcat.ajp.port@ -->
|
---|
170 | <!-- GSDL: URIEncoding param added, but note the connector elem itself is commented out by default -->
|
---|
171 | <!--
|
---|
172 | <Connector protocol="AJP/1.3"
|
---|
173 | address="::1"
|
---|
174 | port="@tomcat.ajp.port@"
|
---|
175 | redirectPort="@https.redirect.port@"
|
---|
176 | maxParameterCount="1000"
|
---|
177 | URIEncoding="UTF-8"
|
---|
178 | />
|
---|
179 | -->
|
---|
180 |
|
---|
181 | <!-- An Engine represents the entry point (within Catalina) that processes
|
---|
182 | every request. The Engine implementation for Tomcat stand alone
|
---|
183 | analyzes the HTTP headers included with the request, and passes them
|
---|
184 | on to the appropriate Host (virtual host).
|
---|
185 | Documentation at /docs/config/engine.html -->
|
---|
186 |
|
---|
187 | <!-- You should set jvmRoute to support load-balancing via AJP ie :
|
---|
188 | <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
|
---|
189 | -->
|
---|
190 | <Engine name="Catalina" defaultHost="localhost">
|
---|
191 |
|
---|
192 | <!--For clustering, please take a look at documentation at:
|
---|
193 | /docs/cluster-howto.html (simple how to)
|
---|
194 | /docs/config/cluster.html (reference documentation) -->
|
---|
195 | <!--
|
---|
196 | <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
|
---|
197 | -->
|
---|
198 |
|
---|
199 | <!-- Use the LockOutRealm to prevent attempts to guess user passwords
|
---|
200 | via a brute-force attack -->
|
---|
201 | <Realm className="org.apache.catalina.realm.LockOutRealm">
|
---|
202 | <!-- This Realm uses the UserDatabase configured in the global JNDI
|
---|
203 | resources under the key "UserDatabase". Any edits
|
---|
204 | that are performed against this UserDatabase are immediately
|
---|
205 | available for use by the Realm. -->
|
---|
206 | <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
|
---|
207 | resourceName="UserDatabase"/>
|
---|
208 | </Realm>
|
---|
209 |
|
---|
210 | <Host name="localhost" appBase="webapps"
|
---|
211 | unpackWARs="true" autoDeploy="true">
|
---|
212 |
|
---|
213 | <!-- SingleSignOn valve, share authentication between web applications
|
---|
214 | Documentation at: /docs/config/valve.html -->
|
---|
215 | <!--
|
---|
216 | <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
|
---|
217 | -->
|
---|
218 |
|
---|
219 | <!-- Access log processes all example.
|
---|
220 | Documentation at: /docs/config/valve.html
|
---|
221 | Note: The pattern used is equivalent to using pattern="common" -->
|
---|
222 | <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
|
---|
223 | prefix="localhost_access_log" suffix=".txt"
|
---|
224 | pattern="%h %l %u %t "%r" %s %b" />
|
---|
225 |
|
---|
226 | </Host>
|
---|
227 | </Engine>
|
---|
228 | </Service>
|
---|
229 | </Server>
|
---|